From 0aef0328c1f5eefa835310bd3227ce8236534476 Mon Sep 17 00:00:00 2001 From: adjoly Date: Fri, 7 Feb 2025 14:48:34 +0100 Subject: [PATCH] =?UTF-8?q?=E3=80=8C=F0=9F=8F=97=EF=B8=8F=E3=80=8D=20wip:?= =?UTF-8?q?=20Added=20prodution=20option=20for=20CD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- srcs/configs/nginx/entry/cert-gen.sh | 27 ++++++++++++++----- .../configs/nginx/templates/www.conf.template | 2 +- srcs/docker-compose.yml | 19 ++++++++++--- 3 files changed, 36 insertions(+), 12 deletions(-)
diff --git a/srcs/configs/nginx/entry/cert-gen.sh b/srcs/configs/nginx/entry/cert-gen.sh
index bee7c43..56d276b 100755
--- a/srcs/configs/nginx/entry/cert-gen.sh
+++ b/srcs/configs/nginx/entry/cert-gen.sh
@@ -1,9 +1,22 @@
 #!/bin/sh
-
-if [ ! -f ${NGINX_SSL_KEY_FILE} ]; then
- echo "Generating certs"
- mkdir -p /etc/nginx/ssl
- openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ${NGINX_SSL_KEY_FILE} -out ${NGINX_SSL_CERT_FILE} -subj "/C=FR/ST=IDF/L=Angouleme/O=42/OU=42/CN=adjoly.42.fr/UID=adjoly"
-else
- printf "Key already exist not recreating\n"
+if [ ! -v ${PRODUCTION} ]; then
+ if [ ! -f ${NGINX_SSL_KEY_FILE} ]; then
+ echo "Generating certs"
+ mkdir -p /etc/nginx/ssl
+ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ${NGINX_SSL_KEY_FILE} -out ${NGINX_SSL_CERT_FILE} -subj "/C=FR/ST=IDF/L=Angouleme/O=42/OU=42/CN=adjoly.42.fr/UID=adjoly"
+ else
+ printf "Key already exist not recreating\n"
+ fi
+else
+ printf "Entering production mode for nginx"
+ INPUT_FILE="/etc/nginx/http.d/www.conf"
+ OUTPUT_FILE="/etc/nginx/http.d/www.conf"
+ sed -E '
+ s/listen\s+443 ssl;/listen 80;/;
+ s/server_name.*/&\n\tlisten 80;/;
+ /ssl_certificate/d;
+ /ssl_certificate_key/d;
+ /ssl_protocols/d;
+ /ssl_session_timeout/d;
+ ' "$INPUT_FILE" > "$OUTPUT_FILE"
 fi
diff --git a/srcs/configs/nginx/templates/www.conf.template b/srcs/configs/nginx/templates/www.conf.template
index 7aa0ec9..e82d227 100644
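Review bot: The new outer test `[ ! -v ${PRODUCTION} ]` does not check what it appears to: `-v` expects a variable name rather than its expansion and is not a POSIX `test` operator, while the script runs under `#!/bin/sh`. With PRODUCTION unset the expansion disappears, `[ ! -v ]` evaluates false, and the script takes the branch that deletes the `ssl_*` directives and switches nginx to `listen 80`, so the plaintext configuration becomes the default instead of an opt-in. `if [ -z "${PRODUCTION:-}" ]; then` states the intent portably. In the production branch INPUT_FILE and OUTPUT_FILE are the same path, so the `>` redirection truncates www.conf before sed reads it and leaves an empty config; `sed -i -E '…' "$INPUT_FILE"`, or a temporary file followed by `mv`, avoids that. The first two substitutions each add a `listen 80;`, which nginx will likely reject as a duplicate listen, so one of them should go.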
--- a/srcs/configs/nginx/templates/www.conf.template +++ b/srcs/configs/nginx/templates/www.conf.template @@ -1,7 +1,7 @@ server { listen 443 ssl; - server_name adjoly.42.fr www.adjoly.42.fr; + server_name $NGINX_EXPOSED_HOSTS; root /var/www/html; index index.php; diff --git a/srcs/docker-compose.yml b/srcs/docker-compose.yml index 43f77ee..1deb8df 100644 --- a/srcs/docker-compose.yml +++ b/srcs/docker-compose.yml @@ -21,18 +21,29 @@ services: - NGINX_PHP_HOST=inception-wordp-php - NGINX_SSL_KEY_FILE=/etc/nginx/ssl/adjoly-wp.key - NGINX_SSL_CERT_FILE=/etc/nginx/ssl/adjoly-wp.crt + - NGINX_EXPOSED_HOSTS=adjoly.42.fr depends_on: wordpress-php: - condition: service_started + condition: service_healthy db: - condition: service_started + condition: service_healthy volumes: - wp-site:/var/www/html - ./configs/nginx/templates:/etc/nginx/templates - ./configs/nginx/entry:/docker-entrypoint.d ports: - - "443:443" + - "10443:443" restart: unless-stopped + labels: + - traefik.enable=true + - traefik.docker.network=traefik-back + + - traefik.http.routers.inception.rule=Host(`inception.kanel.ovh`) + - traefik.http.routers.inception.entrypoints=websecure + - traefik.http.routers.inception.tls=true + - traefik.http.routers.inception.tls.certresolver=letsencrypt + - traefik.http.routers.inception.service=inception + - traefik.http.services.inception.loadbalancer.server.port=80 wordpress-php: container_name: inception-wordp-php @@ -43,7 +54,7 @@ services: - inception depends_on: db: - condition: service_started + condition: service_healthy environment: - PHP_MEMORY_LIMIT="512M" - PHP_MAX_UPLOAD="50M"
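Review bot: The nginx service keeps a host-published port (`"10443:443"`) on every host interface even though the added labels make Traefik the TLS entry point and send traffic to container port 80, so the backend can still be reached without going through the proxy. If that mapping is only for local testing, bind it to loopback with `- "127.0.0.1:10443:443"` or drop it for the production deployment. The router rule matches `inception.kanel.ovh` while `NGINX_EXPOSED_HOSTS` is set to `adjoly.42.fr`, so the `server_name` rendered from the template will not match the Host header Traefik forwards; both should come from one value. No `PRODUCTION` entry is visible among the environment lines in this hunk, and the list starts above it, so confirm where cert-gen.sh is meant to get it.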
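Review bot: `condition: service_healthy` on `db` only works when that service declares a `healthcheck`, and none is added in the visible hunks of this patch; without one Compose cannot consider the dependency healthy and the dependent container will not start. The same applies to the two conditions changed in the nginx service hunk above, where `wordpress-php` needs a healthcheck as well. If the checks already exist elsewhere in docker-compose.yml or in the images, a short comment next to each `depends_on` naming the check would make that dependency visible.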